Field of the Invention
Aspects of this invention relate generally to computer cryptography, and more particularly to an improved system and associated methods for encrypting data.
Description of Related Art
By way of background, various methods have been developed over the years for securing access to electronic data and related communications. A common method involves the use of symmetrical encryption algorithms, which employ a key for both encrypting and decrypting data. The key is used in such a way that, without it, the data cannot be easily decrypted. The primary problem with such a method is that anyone in possession of the key is able to use it to decrypt the data. Some key obfuscation technologies have attempted to solve this problem by employing a method which encrypts the key using a master key—also known as a black key or key encrypting key (“KEK”). In other words, the key used for encrypting the data is itself encrypted by the KEK. However, such a system is often not useful in diverse applications as they typically require relatively expensive hardware. Furthermore, while this type of system tends to work well in hardware-based systems where the “black box” is relatively secure, it typically does not work well in software-based systems or home/consumer environments, as the issue then becomes where to securely store the KEK. This is because, if the KEK is ever compromised, it renders all of the issued keys vulnerable. Thus, many encryption methods do not rely on encrypting the key with a KEK, and instead simply rely on randomly generated keys.
Electronic devices, such as computers, are often capable of generating random sequences for cryptography along with a variety of other purposes, such as gambling, statistical sampling, computer simulation, and other areas where a random sequence is useful in producing an unpredictable result. Some electronic devices are configured to generate random sequences using a hardware random number generator while others rely on software. These software based techniques often generate a pre-determined number of random sequences. Software of this nature is commonly referred to as a pseudo random number generator (“PRNG”) because it does not generate a truly random sequence when compared to a typical hardware random number generator. There are at least two major areas where flaws are exposed in the operation of any PRNG. First, if the seed being used to generate the sequence is not diverse enough, the resultant pseudo random sequence is potentially predictable and therefore poses a risk under the threat of being guessed. Second, even if a sufficiently diverse seed can be produced given the environmental considerations, if those conditions are capable of being determined and thus reproduced, then the resulting pseudo random sequence still poses a risk under the threat of being guessed. Attempts at improving the known prior art have revolved around trying to improve the PRNG itself by various means related to increasing the entropy of random seeds. The problem with these types of solutions, however, is that they require the improvement be incorporated into the PRNG being used. Thus, there is a need for increasing the security and performance of such a PRNG without requiring that the functionality of the PRNG be altered.
A further problem associated with prior art PRNG's is the relative probabilities associated with a particular number or character being included in the pseudo random value. In a bit more detail, when generating a numerical sequence, a PRNG must choose one of ten whole number values: 0, 1, 2, 3, 4, 5, 6, 7, 8, or 9. Regardless of the means used to generate a pseudo random value, that final value must be with in this range. The same would be true of pseudo random alphanumeric values (i.e., 0-9 and A-Z, possibly even including other ASCII characters). Depending on the strength of the PRNG a random sequence of ten places might be as weak as 7526435744, for example. The likelihood of a number being included increases as the length of the generated sequence is increased. Therefore a sequence that is twice as long is more likely to include a number outside of those selected in the original sequence (ex., 30820913007504796977). This likelihood increases as the length of the pseudo random sequence increases. Furthermore, once the key length is determined, cracking an encryption key is as simple as running through each permutation of number combinations for a key of that length.
Another problem associated with known prior art symmetrical encryption algorithms is that they, either by design or in their implementation, will either output nothing or will throw an error or exception when an attempt is made to use an incorrect key. This, in turn, facilitates the use of automated or semi-automated brute force cracking techniques to determine the correct key. All the person who is attempting the crack needs to do is run through every possible combination of characters that potentially comprise the key until a readable output is achieved. Theoretical encryption algorithms that would output readable data when presented with a bad key have been rejected as being impractical due to the unknown nature of the data which was encrypted.
Aspects of the present invention are directed to solving all of these problems and provide further related advantages as described in the following summary.